You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Daniel Glöckner 91034255e4 ima: accept previously set IMA_NEW_FILE ... commit 1ac202e978 upstream. Modifying the attributes of a file makes ima_inode_post_setattr reset the IMA cache flags. So if the file, which has just been created, is opened a second time before the first file descriptor is closed, verification fails since the security.ima xattr has not been written yet. We therefore have to look at the IMA_NEW_FILE even if the file already existed. With this patch there should no longer be an error when cat tries to open testfile: $ rm -f testfile $ ( echo test >&3 ; touch testfile ; cat testfile ) 3>testfile A file being new is no reason to accept that it is missing a digital signature demanded by the policy. Signed-off-by: Daniel Glöckner <dg@emlix.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		6 years ago
..
evm	xattr: Add __vfs_{get,set,remove}xattr helpers	7 years ago
ima	ima: accept previously set IMA_NEW_FILE	6 years ago
Kconfig	security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA	7 years ago
Makefile	integrity: make integrity files as 'integrity' module	9 years ago
digsig.c	IMA: Use the the system trusted keyrings instead of .ima_mok	7 years ago
digsig_asymmetric.c	X.509: Make algo identifiers text instead of enum	7 years ago
iint.c	integrity: add measured_pcrs field to integrity cache	7 years ago
integrity.h	integrity: add measured_pcrs field to integrity cache	7 years ago
integrity_audit.c	Merge git://git.infradead.org/users/eparis/audit	9 years ago